[wplug] compression (was: Intro to running (s)ftp service?)

beer beer at cmu.edu
Fri Apr 15 14:17:21 EDT 2005


I noticed that AES was one of the ciphers you are using.  I am wondering where others on the list stand on using AES?  Among crypto folks, an algorithm is generally not considered 'proven' until it has stood the test of time (approx. 15 yrs).  Rijndael is only about 5 years old, even if NIST accepted it as the next standard.

Just curious what other folks think about this.


> 

>> The one thing about ftpd vs sshd is speed.  In my experience, on a fast
>>  network, sshd tops out well below the line speed and is essentially 
>> processor bound.  FTP (and HTTP to a lesser extent) are much faster and
>>  operate with a much lower overhead.  It has been my experience that
>> they are always network bound.
>> 
>> At home, I have a DSL line.  SSH is the only thing I transmit over the 
>> DSL when I want to connect to my home PC from work.  This is because I 
>> am limited by the relatively low upload speed of my DSL.  At home, when
>>  I am on a 100Mb network, I never use ssh to transfer files, because it
>>  is much, much slower than everything else (even SMB).
>> 
>> Mike
> 
> Just a few quick speed hints for using SCP:
> 
> The -C flag will tell SSH/SCP to compress stuff.  In general I use it all
> the time.  CPUs are so much faster than networks still so compression is
> your friend.
> 
> Depending on your platform, using the blowfish cipher should be a little 
> faster than using the default 3des or aes128 (don't quote me on the aes128
> claim, they're both pretty close).
> 
> Most people don't realize, but you can configure all sorts of options on a
> global and a per host level in your ~/.ssh/config file.  This is nice 
> because you can force it to use a different port for certain hosts, 
> different ciphers, not allow password, only forward X for some hosts, etc.
> 
> 
> Here's a little snippet to drop in your ~/.ssh/config that will make you 
> use blowfish for your cipher and compress all data going over the network
> with GZip at level 6.
> 
> Host *
>     Compression yes
>     Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
> 
> I'm actually a little confused about why exactly this works, as the docs 
> say it is only for SSH1 and not SSH2, but testing an 11 meg text file 
> (about 20 copies of Huckleberry Finn repeated over and over), with 
> compression gave me an overall throughput of 90.6K (11 megs in 1 minute, 
> 51 seconds), without compression gave an overall throughput of 32.8K (11 
> megs in 4:58).   Totally non-scientific, but good enough for me to 
> conclude that it's doing something, especially considering that my cable 
> modem says that its current upstream rate is 384000bps.
> 
> At this point, I'll also throw in a quick plug for using mod_gzip (or the
> equivalent) on your servers, especially if hosting them over a cable 
> modem.  For simple HTML you'll usually get compression rates of about 66%
> or so.  Works great for my server hosted on my cable modem, keeps the
> pages zippy.  Most clients support this (yes, even IE supports compression
> of data).
> 
> --Patrick
> 
> 
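
An added example, not part of the original posts: a small Python check that resolves which Ciphers and Compression values a config like the quoted snippet yields for a given host, and tags each offered cipher by block size and mode. The host names, the per-host override and the tag sets are assumptions made for illustration; negated patterns and Match blocks are not handled.

```python
import fnmatch

# Constructed sample: the ~/.ssh/config snippet quoted in the thread, plus one
# hypothetical host-specific override to show first-match resolution.
SAMPLE_CONFIG = """\
Host backup.example.org
    Ciphers aes256-cbc,aes128-cbc

Host *
    Compression yes
    Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
"""

# Properties of the algorithms themselves (added here, not from the thread).
BLOCK_64 = {"blowfish-cbc", "3des-cbc", "cast128-cbc"}  # 64-bit block ciphers
RC4 = {"arcfour", "arcfour128", "arcfour256"}            # RC4 stream cipher

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})] in file order."""
    blocks = [(["*"], {})]  # options before any Host line apply to all hosts
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1]
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)
    return blocks

def effective(text, host, keyword):
    """ssh_config semantics: the first value obtained for a keyword wins."""
    for patterns, opts in parse_blocks(text):
        if keyword in opts and any(fnmatch.fnmatch(host, p) for p in patterns):
            return opts[keyword]
    return None

def audit_ciphers(text, host):
    """Map each cipher offered to `host`, in preference order, to its tags."""
    value = effective(text, host, "ciphers") or ""
    report = {}
    for name in filter(None, value.split(",")):
        report[name] = [tag for tag, hit in (
            ("64-bit block", name in BLOCK_64),
            ("RC4", name in RC4),
            ("CBC mode", name.endswith("-cbc"))) if hit]
    return report
```

Calling `audit_ciphers(SAMPLE_CONFIG, "shell.example.org")` returns the tags for the `Host *` list in the order the client would offer them.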


